sensors Object
The sensors object contains the following fields:
Field |
Type |
Description |
---|---|---|
actionsInProgress |
Integer |
The number of actions in progress (i.e. Not Resolved) on the machine. |
amModeOrigin |
String |
The source of the value for the Anti-Malware Signatures mode setting. |
amStatus |
Enum |
The Anti-Malware installation status for the sensor. Possible values include:
|
antiExploitStatus |
Enum |
The status of the Exploit Prevention feature. Possible values include:
This field returns a value only if you have enabled Exploit Prevention. This field is applicable for versions 20.1 and higher. |
antiMalwareStatus |
Enum |
The Anti-Malware prevention mode for the sensor. Possible values include:
|
antiMalwareModeOrigin |
String |
The source of the value for the Anti-Malware setting. |
archiveTimeMs |
Timestamp |
The time (in epoch) when the sensor was archived. |
archivedOrUnarchiveComment |
String |
The comment added when a sensor was archived or unarchived. |
avDbVersion |
String |
The version of the Anti-Malware Signatures database on the machine where the sensor is installed. |
avDbLastUpdateTime |
Long |
The time when the Anti-Malware Signatures database on the machine where the sensor is installed was last updated. |
collectionComponents |
Enum |
Any special collections enabled on the server and/or sensor. Possible values include:
|
collectionStatus |
Enum |
States whether the machine has data collection enabled. Possible values include:
|
collectiveUuid |
String |
The identifier for the Registration server for the sensor. |
compliance |
Boolean |
Indicates whether the current sensor settings match the policy settings. |
consoleVersion |
String |
The version for the console for your Cybereason environment. |
cpuUsage |
Float |
The amount of CPU used by the machine (expressed as a percentage). |
criticalAsset |
Boolean |
The value assigned for the machine for the CRITICAL ASSET sensor tag. |
customTags |
String |
A list of custom sensor tags assigned to the machine. |
deliveryTime |
Timestamp |
The time (in epoch) when the last policy update was delivered to the sensor |
DeletedBy |
String |
The Cybereason user that removed this sensor from the Sensors screen. This field is available in versions 22.1.65 and later. |
DeletedDate |
String |
The date the sensor was removed from the Sensors screen. This field is available in versions 22.1.65 and later. |
department |
String |
The value assigned to the machine for the DEPARTMENT sensor tag. |
deviceType |
String |
The value assigned to the machine for the DEVICE TYPE sensor tag. |
deviceModel |
String |
The model added for a device in the allowed devices section of the Endpoint Controls settings. |
disconnected |
Boolean |
Indicates whether a sensor is currently disconnected. |
disconnectionTime |
Timestamp |
Time the machine was disconnected. Returns 0 if this is the first connection time. After the first connection, this is the time it was last connected. |
documentProtectionStatus |
Enum |
The status for the Document Protection mode. Possible options include:
|
documentProtectionMode |
Enum |
The mode set for the Document Protection mode. Possible options include:
|
exitReason |
String |
The reason the sensor service (minionhost.exe) stopped. |
externalIpAddress |
String |
The machine’s external IP address for the local network. |
firstSeenTime |
Timestamp |
The first time the machine was recognized. Timestamp values are returned in epoch. |
fullScanStatus |
Enum |
The status set for the sensor for the full scan. |
fqdn |
String |
The fully qualified domain name (fqdn) for the machine. |
fwStatus |
Enum |
The status of the Personal Firewall Control feature. Possible options include:
This field returns a value only if you have enabled Endpoint Controls. This field is applicable for versions 19.2 and higher. |
groupId |
String |
The identifier the Cybereason platform uses for the group to which the sensor is assigned. |
groupName |
String |
The name for the group to which the sensor is assigned. |
groupStickinessLabel |
Enum |
The method by which the sensor was assigned to the group. Possible options include:
|
groupStickiness |
Boolean |
Indicates whether this sensor is automatically assigned back to the group based on an assignment rule. |
guid |
String |
The globally unique sensor identifier. |
HeartBeatWin |
String |
The machine serial number. This field is available from version 21.2.123 and later. |
lastStatusAction |
String |
The last action taken that changed the sensor status. |
lastUpgradeResult |
Enum |
The result of the last upgrade process. Possible options include:
|
lastUpgradeSteps |
Enum |
A list of step taken in the upgrade process. Possible options include:
If there is a failure to upgrade the sensor, this list shows the failure. |
internalIpAddress |
String |
The machine’s internal IP address as identified by the sensor. |
isolated |
Boolean |
States whether the machine is isolated. Returns true if the machine is isolated. |
lastFullScheduleScanSuccessTime |
Timestamp |
The time (in epoch) that the sensor last did a successful full scan. |
lastQuickScheduleScanSuccessTime |
Timestamp |
The time (in epoch) that the sensor last did a successful quick scan. |
lastPylumUpdateTimestampMs |
Timestamp |
The last time (in epoch) the sensor sent a message to the Cybereason server. |
location |
String |
The value assigned for this machine for the LOCATION sensor tag. |
machineName |
String |
The name of the machine. |
memoryUsage |
Long |
The amount of RAM on the hosting computer used by the sensor. |
offlineTimeMS |
Timestamp |
The last time (in epoch) that the sensor was offline. |
onlineTimeMS |
Timestamp |
The last time the sensor was seen online. |
organization |
String |
The organization name for the machine on which the sensor is installed. |
organizationalUnit |
String |
The name of the organization unit taken from the Active Directory on the machine on which the sensor is installed. |
osType |
Enum |
The operating system running on the machine. Possible options include:
|
osVersionType |
Enum |
Version of operating system for the machine. Possible options include:
|
outdated |
Boolean |
States whether or not the sensor version is out of sync with the server version. |
pendingActions |
Array |
An array containing batch numbers for actions pending to run on the sensor. |
policyId |
String |
The unique identifier the Cybereason platform uses for the policy assigned to the sensor. |
policyName |
String |
The name of the policy assigned to this sensor. |
powerShellStatus |
Enum |
The PowerShell Prevention mode. Possible options include:
|
preventionError |
String |
The error received for prevention by the sensor. |
preventionStatus |
Enum |
The Execution Prevention mode. Possible options include:
|
privateServerIp |
String |
The private IP address for the Detection server for the sensor. |
proxyAddress |
String |
The address for the Proxy server used by this sensor. |
purgedSensors |
Boolean |
Indicates whether this sensor was removed from the Sensors screen. |
pylumID |
String |
The unique identifier assigned by Cybereason to the sensor. |
quickScanStatus |
Enum |
The status set for the sensor for a quick scan. |
ransomwareStatus |
Enum |
The Anti-Ransomware mode. Possible options include:
|
remoteShellStatus |
Enum |
Whether or not the Remote Shell utility is enabled for the sensor. Possible options include:
This field returns a value only if you have enabled Remote Shell for your Cybereason server. |
sensorId |
String |
The unique identifier for a sensor. |
sensorArchivedByUser |
String |
The Cybereason user name for the user who archived the selected sensor. |
sensorLastUpdate |
Timestamp |
The last time (in epoch) that the sensor was updated. |
serialNumber |
String |
The serial number added for a device in the allowed devices section of the Endpoint Controls settings. |
serverId |
String |
The unique identifier for the Detection server for the sensor. |
serverIp |
String |
The IP address for the Detection server for the sensor. |
serverName |
String |
The name of the server for the sensor. |
serviceStatus |
Enum |
Indicates the current value of the Anti-Malware service. Possible options include:
|
siteName |
String |
The name of the site for the sensor. |
siteId |
Long |
The identifier for the sensor’s site. |
staleTimeMS |
Integer |
The time (in epoch) when the Sensor was classified as Stale. |
staticAnalysisDetectMode |
Enum |
The value for the Artificial Intelligence Detect mode in the Anti-Malware settings. Possible options include:
|
staticAnalysisDetectModeOrigin |
Enum |
The source of the value for the Artificial Intelligence Detect mode setting. Possible options include:
|
staticAnalysisPreventMode |
Enum |
The value for the Artificial Intelligence Prevent Mode in the Anti-Malware settings. Possible options include:
|
staticAnalysisPreventModeOrigin |
Enum |
The source of the value for the Artificial Intelligence Prevent mode setting. Possible options include:
|
status |
Enum |
The status of the sensor. Possible options include:
|
statusTimeMS |
Timestamp |
The last time (in epoch) when the sensor sent a status. |
upTime |
Long |
The time the sensors have been in the UP state. |
usbStatus |
Enum |
The status of the Device Control feature. Possible options include:
This field returns a value only if you have enabled Endpoint Controls. This field is applicable for versions 19.2 and higher. |
version |
String |
The sensor version number. |